Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,318
Erlang
31
GitHub Actions
21
Go
2,074
Maven
5,000+
npm
3,746
NuGet
674
pip
3,434
Pub
12
RubyGems
892
Rust
880
Swift
37
Unreviewed advisories
All unreviewed
5,000+

117 advisories

Loading
An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can... Critical Unreviewed
CVE-2018-12649 was published May 13, 2022
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force... Critical Unreviewed
CVE-2018-12993 was published May 13, 2022
IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a... Critical Unreviewed
CVE-2018-1475 was published May 13, 2022
web2py is vulnerable to password brute-force attack Critical
CVE-2016-10321 was published for web2py (pip) May 14, 2022
IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout... Critical Unreviewed
CVE-2019-4336 was published May 24, 2022
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1).... Critical Unreviewed
CVE-2019-13918 was published May 24, 2022
Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive... Critical Unreviewed
CVE-2019-3766 was published May 24, 2022
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05... Critical Unreviewed
CVE-2019-17215 was published May 24, 2022
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection... Critical Unreviewed
CVE-2019-17240 was published May 24, 2022
AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacker to perform a brute-force... Critical Unreviewed
CVE-2019-12941 was published May 24, 2022
Pimcore 2FA Vulnerable to Brute Forcing Critical
CVE-2019-18985 was published for pimcore/pimcore (Composer) May 24, 2022
Dolibarr Improper Restriction of Excessive Authentication Attempts Critical
CVE-2020-7995 was published for dolibarr/dolibarr (Composer) May 24, 2022
An issue was discovered in Gradle Enterprise 2018.5. There is a lack of lock-out after excessive... Critical Unreviewed
CVE-2020-15770 was published May 24, 2022
A ZTE product is impacted by the improper access control vulnerability. Due to lack of an... Critical Unreviewed
CVE-2020-6875 was published May 24, 2022
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid... Critical Unreviewed
CVE-2020-15906 was published May 24, 2022
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH... Critical Unreviewed
CVE-2020-25196 was published May 24, 2022
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress... Critical Unreviewed
CVE-2020-35590 was published May 24, 2022
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login... Critical Unreviewed
CVE-2020-35565 was published May 24, 2022
EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might... Critical Unreviewed
CVE-2021-27514 was published May 24, 2022
The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does... Critical Unreviewed
CVE-2021-25309 was published May 24, 2022
Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication... Critical Unreviewed
CVE-2019-18235 was published May 24, 2022
Gestsup before 3.2.10 allows account takeover through the password recovery functionality (remote... Critical Unreviewed
CVE-2021-31646 was published May 24, 2022
Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and... Critical Unreviewed
CVE-2021-22737 was published May 24, 2022
Lin-CMS-Flask vulnerable to Improper Authentication Critical
CVE-2020-18698 was published for Lin-CMS (pip) May 24, 2022
BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to ... Critical Unreviewed
CVE-2021-28911 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database